VMware Driver Vulnerability in OpenStack Compute by OpenStack
CVE-2014-2573

Currently unrated

Key Information:

Vendor: Openstack
Status: Compute
Vendor: CVE Published:; 25 March 2014

Summary

The VMware driver in OpenStack Compute (Nova) versions 2013.2 to 2013.2.2 is susceptible to an improper handling of virtual machine (VM) states. This vulnerability can be exploited by authenticated users who can manipulate the state of a VM by placing it into RESCUE status. Once in this state, users can bypass imposed quota limits and potentially lead to a denial of service by repeatedly requesting the VMs to be put into rescue mode and subsequently deleting the associated images. This manipulation opens the potential for resource consumption issues within the OpenStack environment.

References

http://www.openwall.com/lists/oss-security/2014/03/21/2

mailing-listx_refsource_MLIST

http://secunia.com/advisories/57498

third-party-advisoryx_refsource_SECUNIA

https://bugs.launchpad.net/nova/+bug/1269418

x_refsource_CONFIRM

Timeline

Vulnerability published
Mar 25, 2014
Vulnerability Reserved
Mar 21, 2014